A delay indication can be added to soap messages by a queue so that receiving web services get a better understanding of the soap message freshness.
|
1. A computer implemented method comprising:
receiving, from a web service client, a message at a queue, wherein the message is directed to a web service and includes a timestamp provided by the web service client;
determining if the web service is available, and a length of time the message is held in the queue prior to delivery to the web service, including pinging or otherwise contacting the web service to determine its availability, and
if the web is not available, then delaying forwarding the message and continuing to measure the length of time the message is in the queue, and
if the web service is available, and if the message is held in the queue longer than a threshold duration, then adding to the message a delay indication which is representative of the length of time the message is held in the queue;
forwarding the message from the queue to the web service after the length of time;
determining, at the web service, an effective lifetime of the message based on the timestamp and any delay indication specified within the message;
using the effective lifetime to determine freshness of the message, including comparing the effective lifetime of the message with a freshness policy or threshold value, and
if the effective lifetime of the message adheres to the freshness policy or threshold value then determining the message is fresh, and
if the effective lifetime of the message does not adhere to the freshness policy or threshold value then determining the message is not fresh, and
handling the message accordingly; and
wherein a processor is used to determine whether the message has been in the queue longer than the threshold duration.
14. A system for reporting delays in messages directed to a web service, comprising:
a computer, including a processor and a web service executing thereon;
a queue, that receives a message from a web service client, wherein the message is directed to the web service and includes a timestamp provided by the web service client; and
wherein the system
determines if the web service is available, and a length of time the message is held in the queue prior to deliver to the web service, including pinging or otherwise contacting the web service to determine its availability, and
if the web service is not available, then delays forwarding the message and continues to measure the length of time the message is in the queue, and
if the web service is available, and if the message is held in the queue longer than a threshold duration, then adds to the message a delay indication which is representative of the length of time the message is held in the queue,
forwards the message from the queue to the web service after the length of time, and
determines, at the web service, an effective lifetime of the message based on the timestamp and any delay indication specified within the message, and uses the effective lifetime to determine freshness of the message, including comparing the effective lifetime of the message with a freshness policy or threshold value, and
if the effective lifetime of the message adheres to the freshness policy or threshold value then determines the message is fresh, and
if the effective lifetime of the message does not adhere to the freshness policy or threshold value then determines the message is not fresh, and
handles the message accordingly.
9. A computer implemented method comprising:
receiving, from a web service client, a soap message at a queue, wherein the soap message is directed to a web service, and wherein the soap message includes a web service security portion within the soap message header which includes a timestamp indicating a time the soap message was created by the web service client;
determining if the web service is available, and a length of time the soap message is held in the queue prior to delivery to the web service, including pinging or otherwise contacting the web service to determine its availability, and
if the web is not available, then delaying forwarding the soap message and continuing to measure the length of time the soap message is in the queue, and
if the web service is available, and if the soap message is held in the queue longer than a threshold duration, then adding to the web security portion of the header a delay indication which is representative of the length of time the soap message is held in the queue;
forwarding the soap message from the queue to the web service;
determining, at the web service, an effective lifetime of the soap message, by subtracting the length of time the message was held in the queue from the actual lifetime since the soap message was created;
using the effective lifetime to determine freshness of the soap message, including comparing the effective lifetime of the soap message with a freshness policy or threshold value, and
if the effective lifetime of the soap message adheres to the freshness policy or threshold value then determining the soap message is fresh, and
if the effective lifetime of the soap message does not adhere to the freshness policy or threshold value then determining the soap message is not fresh;
rejecting the soap message at the web service if it exceeds a threshold effective lifetime; and
wherein a processor is used to determine whether the soap message has been in the queue longer than the threshold duration.
3. The computer implemented method of
4. The computer implemented method of
5. The computer implemented method of
6. The computer implemented method of
7. The computer implemented method of
8. The computer implemented method of
subtracting the length of time the message was held in the queue, as indicated by the delay indication, from the actual lifetime since the message was created, as indicated by the timestamp.
10. The computer implemented method of
11. The computer implemented method of
12. The computer implemented method of
13. The computer implemented method of
15. The system of
subtracting the length of time the message was held in the queue, as indicated by the delay indication, from the actual lifetime since the message was created, as indicated by the timestamp.
|
|||||||||||||||||||||||
SOAP messages are used to interact with Web Services. Often they contain much of the state information for a Web Service. The SOAP message can contain a timestamp that can be used by receiving web service to ensure that the SOAP message is fresh. The timestamp helps avoid situations where an authentic SOAP message is copied, then later transmitted to the web service.
Web Services Security (WSS) uses timestamps in several ways in order to prevent attacks based on the replay of previously transmitted information. The three main cases are:
It has been widely stated that queued asynchronous transmission of messages is an important mode of operation for Web Services. If a request is made to a Service that is currently unavailable, the request can be held in a queue, until the Service is restored. The advantage is that the sender is not required to deal with retransmitting the message in the case of transient failures.
This means that from time to time messages that normally are processed in minutes or less may be held in queue for many hours or in rare cases a day or two. Unfortunately, after a delay of this length, the security processing may generate a fault, for reasons 1, 2 or 3, given above.
The normal response to the anticipation or occurrence of this event would most likely be to set the timeout to a high value, such as several days or eliminate the use of timeouts entirely. This means whatever protection is afforded by the use of timestamps is lost to deal with an event that only occurs rarely. However, the alternative of manually recovering from the timeout is likely to be inconvenient and labor intensive and result in the needless delay of important processing. It also eliminates a major benefit of using asynchronous communications in the first place.
Messages held in queue for less that the threshold can be unaltered. This means there is no performance penalty in the vast majority of the messages.
If the message cannot be forwarded for longer than the threshold time period, the queuing system can mark the message so as to indicate the length of the delay. This is simple to do as most queuing systems track the arrival times of messages for various reasons, such as performance measurement. The delay could be represented as the duration, the start and end times or perhaps the start time and duration.
Step 304 checks if the destination is available. In one embodiment, the queue can just send messages until the destination becomes unavailable. The delay information can be digitally signed and critical elements, such as the SOAP message body or other, prior digital signatures also included under the same signature. Since the queuing system might have wait an extended period before being able to forward a large number of messages, an efficient method of determining whether a system is available, without actually sending a message, can be used to avoid excessive waste of resources. It may be expensive to construct and sign the delay information every time in the hope that service had just been restored. Instead a method of pinging the system or being notified reliably of its availability can be used.
In step 306, the delay is determined. In step 308, the delay indication is digitally signed. In step 310, the signed delay indication is added to the message. SOAP messages in particular have an extensible header that allows the addition of delay information. The delay information can be formatted according to an XML schema.
One embodiment of the present invention, is a computer implemented method comprising: receiving a message at a queue. Adding a delay indication to the message, and retransmitting the message from the queue.
The message can be a SOAP message. The SOAP message can have a web service security timestamp. The SOAP message can have a web service security portion of the header that contains the delay indication. The message can be received at the queue from a web service. The delay information can be digitally signed by the queue.
The timestamp and the delay indication can be used to determine the freshness of the Message. The timestamp used to determine the lifetime of the message and this lifetime can be subtracted by the delay period to get a modified lifetime. The modified lifetime can be compared to a threshold to determine freshness. The queue can determine that a destination web service is available before the delay information is digitally signed by the queue.
In one embodiment, a computer implemented method comprises; receiving a SOAP message at a queue from a web service; adding a delay indication to the SOAP message; and retransmitting the SOAP message from the queue.
In one embodiment, a computer implemented method comprises receiving a message with a delay indication added by a queue; and using the delay indication to determine the freshness of the message.
Exemplary Schema Elements and Semantics
The following is an exemplary XML schema to indicate queue delay. Other XML schemas or protocols can be used.
/ws:Delay
This is the element for indicating message delays.
/ws:Delay/ws:Duration
This element represents the time interval that the message was delayed. It is defined as the difference between the datetime the message was received by the Asserting Party and the datetime it was sent.
/ws:Delay/ws:Received
This element represents the datetime at which the message was received by the Asserting party. When this element is present, the <ws:Duration> or <ws:Sent> element MUST also be present.
/ws:Delay/ws:Sent
This element represents the datetime at which the message was sent by the Asserting party. When this element is present, the <ws:Received> element MUST also be present.
/ws:Delay/{any}
This is an extensibility mechanism to allow additional elements to be added to the element. Unrecognized elements SHOULD cause a fault.
/ws:Delay/@wsu:Id
This optional attribute specifies an XML Schema ID that can be used to reference this Element (the delay). This is used, for example, to reference the delay in a XML Signature.
/ws:Delay/@{any}
This is an extensibility mechanism to allow additional attributes to be added to the element. Unrecognized attributes SHOULD cause a fault.
When a queuing system experiences delays in forwarding messages it SHOULD prepend a <ws:Delay> element, containing either
The mere addition of delay information to delayed messages may not be sufficient to meet the requirements associated with the usecase. Two further steps can be done.
The considerations in each of the three cases cited above are somewhat different.
Typically, the most important factor would be the probability that attributes had changed during the entire period of transmission and delay. Here delay information would not be applied. Freshness is intended to prevent replay, but Tokens are usually intended to be used repeatedly. Nevertheless, it is possible to imagine situations in which adjusting for delay would be appropriate.
Other schemes are quite possible. For example, a delay could be reported by extending the SAML Assertion and providing appropriate cryptographic binding mechanisms, for example by means of a temporary key.
One embodiment includes a computer program product which is a storage medium (media) having instructions stored thereon/in which can be used to program a computer to perform any of the features presented herein. The storage medium can include, but is not limited to, any type of disk including floppy disks, optical discs, DVD, CD-ROMs, micro drive, and magneto-optical disks, ROMs, Rams, EPROM's, EPROM's, Drams, Rams, flash memory devices, magnetic or optical cards, Nano systems (including molecular memory ICs), or any type of media or device suitable for storing instructions and/or data.
Stored on any one of the computer readable medium (media), the present invention includes software for controlling both the hardware of the general purpose/specialized computer or microprocessor, and for enabling the computer or microprocessor to interact with a human user or other mechanism utilizing the results of the present invention. Such software may include, but is not limited to, device drivers, operating systems, execution environments/containers, and user applications.
The foregoing description of preferred embodiments of the present invention has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Many modifications and variations will be apparent to one of ordinary skill in the relevant arts. For example, steps performed in the embodiments of the invention disclosed can be performed in alternate orders, certain steps can be omitted, and additional steps can be added. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, thereby enabling others skilled in the art to understand the invention for various embodiments and with various modifications that are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the claims and their equivalents.
The foregoing description of preferred embodiments of the present invention has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Many embodiments were chosen and described in order to best explain the principles of the invention and its practical application, thereby enabling others skilled in the art to understand the invention for various embodiments and with various modifications that are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the claims and their equivalents.
| Patent | Priority | Assignee | Title |
| 10140166, | Jun 30 2011 | International Business Machines Corporation | Message oriented middleware with integrated rules engine |
| 10216553, | Jun 30 2011 | International Business Machines Corporation | Message oriented middleware with integrated rules engine |
| 10404676, | Mar 29 2016 | Intel Corporation | Method and apparatus to coordinate and authenticate requests for data |
| 10505881, | Sep 23 2015 | Amazon Technologies, Inc | Generating message envelopes for heterogeneous events |
| 10592312, | Jun 30 2011 | International Business Machines Corporation | Message oriented middleware with integrated rules engine |
| 10789111, | Jun 30 2011 | International Business Machines Corporation | Message oriented middleware with integrated rules engine |
| 10990887, | Dec 13 2017 | Amazon Technologies, Inc. | Anything-but matching using finite-state machines |
| 11068487, | Sep 08 2015 | Amazon Technologies, Inc | Event-stream searching using compiled rule patterns |
| 11736433, | Nov 10 2014 | GOOGLE LLC | Watermark-based message queue |
| 8291432, | Dec 01 2010 | International Business Machines Corporation | Providing invocation context to IMS service provider applications |
| 8873395, | Jan 23 2013 | Sprint Spectrum LLC | Methods and systems for dynamically varying quality of service for wireless communications |
| 9973306, | Sep 14 2015 | Amazon Technologies, Inc | Freshness-sensitive message delivery |
| Patent | Priority | Assignee | Title |
| 20040088433, | |||
| 20040177108, | |||
| 20050114487, | |||
| 20050172171, | |||
| 20060168132, |
| Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
| Feb 22 2006 | LOCKHART, HAROLD W , JR | BEA SYSTEMS, INC | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 017453 | /0926 | |
| Mar 01 2006 | BEA Systems, Inc. | (assignment on the face of the patent) | / | |||
| Oct 08 2010 | BEA SYSTEMS, INC | Oracle International Corporation | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 025192 | /0244 |
| Date | Maintenance Fee Events |
| Mar 14 2013 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
| Aug 03 2017 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
| Aug 04 2021 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
| Date | Maintenance Schedule |
| Feb 16 2013 | 4 years fee payment window open |
| Aug 16 2013 | 6 months grace period start (w surcharge) |
| Feb 16 2014 | patent expiry (for year 4) |
| Feb 16 2016 | 2 years to revive unintentionally abandoned end. (for year 4) |
| Feb 16 2017 | 8 years fee payment window open |
| Aug 16 2017 | 6 months grace period start (w surcharge) |
| Feb 16 2018 | patent expiry (for year 8) |
| Feb 16 2020 | 2 years to revive unintentionally abandoned end. (for year 8) |
| Feb 16 2021 | 12 years fee payment window open |
| Aug 16 2021 | 6 months grace period start (w surcharge) |
| Feb 16 2022 | patent expiry (for year 12) |
| Feb 16 2024 | 2 years to revive unintentionally abandoned end. (for year 12) |